<?php
require('header.php');

// Code from http://jameshamilton.eu/content/simple-php-shopping-cart-tutorial

// Modify the cart
if (isset($_GET['id']) && isset($_GET['action'])) {
	$product_id = $_GET['id']; //the product id from the URL 
	$action = $_GET['action']; //the action from the URL 

	switch($action) { //decide what to do 
		case "add":
			if(!isset($_SESSION['cart'][$product_id])) $_SESSION['cart'][$product_id] = 0;
			$_SESSION['cart'][$product_id]++; //add one to the quantity of the product with id $product_id 
			break;

		case "remove":
			$_SESSION['cart'][$product_id]--; //remove one from the quantity of the product with id $product_id 
			if($_SESSION['cart'][$product_id] == 0) unset($_SESSION['cart'][$product_id]); //if the quantity is zero, remove it completely (using the 'unset' function) - otherwise is will show zero, then -1, -2 etc when the user keeps removing items. 
			break;

		case "empty":
			unset($_SESSION['cart']); //unset the whole cart, i.e. empty the cart. 
			break;
	}
}


if (isset($_SESSION['cart'])) { //if the cart isn't empty
	//show the cart

	echo "<table border=\"1\" padding=\"3\" width=\"40%\">"; //format the cart using an HTML table
	$total = 0;

	//iterate through the cart, the $product_id is the key and $quantity is the value
	foreach($_SESSION['cart'] as $product_id => $quantity) {

		//get the name, description and price from the database - this will depend on your database implementation.
		//use sprintf to make sure that $product_id is inserted into the query as a number - to prevent SQL injection
		$sql = "SELECT name, price FROM item WHERE part_no =" . $product_id;

		$result = mysqli_query($con, $sql);

		//Only display the row if there is a product (though there should always be as we have already checked)
		if(mysqli_num_rows($result) > 0) {

			list($name, $price) = mysqli_fetch_row($result);

			$line_cost = $price * $quantity; //work out the line cost
			$total = $total + $line_cost; //add to the total cost

			echo "<tr>";
			//show this information in table cells
			echo "<td align=\"center\">$name</td>";
			//along with a 'remove' link next to the quantity - which links to this page, but with an action of remove, and the id of the current product
			echo "<td align=\"center\">$quantity <a href=\"$_SERVER[PHP_SELF]?action=add&id=$product_id\">+</a> <a href=\"$_SERVER[PHP_SELF]?action=remove&id=$product_id\">-</a></td>";
			echo "<td align=\"center\">$line_cost</td>";

			echo "</tr>";

		}

	}

	//show the total
	echo "<tr>";
	echo "<td colspan=\"2\" align=\"right\">Total</td>";
	echo "<td align=\"right\">$total</td>";
	echo "</tr>";

	//show the empty cart link - which links to this page, but with an action of empty. A simple bit of javascript in the onlick event of the link asks the user for confirmation
	echo "<tr>";
	echo "<td colspan=\"3\" align=\"right\"><a href='checkout.php'>Check out</a></td>";
	echo "</tr>"; 
	echo "</table>";

} else {
	//otherwise tell the user they have no items in their cart
	echo "You have no items in your shopping cart.";
} 

require('footer.php');
?>